This Metasploit module exploits a stack-based buffer overflow vulnerability in IBM Personal Communications I-Series. The issue affects file parsing in which data copied to a location in memory exceeds the size of the reserved destination area. The buffer is located on the runtime program stack. Versions tested: IBM System i Access for Windows V6R1M0 version 06.01.0001.0000a which bundles pcsws.exe version 5090.27271.709.
2d5f9b10f02a872dad2c7339ae14ed2aUnspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
3013603a348129a540fe43fd110026f6This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
e4e50e113930a054f27b8419fa7c20bbThis Metasploit module exploits a remote stack buffer overflow vulnerability in 3S-Smart Software Solutions product CoDeSys Scada Web Server Version 1.1.9.9.
4d6c163dec4e6a936ce6c28e43feda92This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located into /admicp/ directory to make sure the user has admin rights, but this is a broken authorization schema due to the header() function not stopping the execution flow.
e05bdd8825527e2e70d105042b0dad1cStack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
ac5ee43cfc0509841b6c9a26de949d06This Metasploit module exploits a stack based buffer overflow in the Active control file ImageViewer2.OCX by passing a overly long argument to an insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
4682a02bd6d485a684e4c2af85471375This Metasploit module exploits a vulnerability in the lib/functions.php that allows attackers input parsed directly to the create_function() php function. A patch was issued that uses a whitelist regex expression to check the user supplied input before being parsed to the create_function() call.
6ff2f43db9509854e854f8121b45df3eThis Metasploit module exploits a stack-based buffer overflow vulnerability in version 7.5.1 86 of Real Networks Netzip Classic. In order for the command to be executed, an attacker must convince someone to load a specially crafted zip file with NetZip Classic. By doing so, an attacker can execute arbitrary code as the victim user.
73f79d377a245b750af3ab179d1550c9This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.
f6b70eb735e3f3aab8779a7d7fc7ff6bThis Metasploit module exploits a stack-based buffer overflow vulnerability in the latest version 3.5 of TugZip archiving utility. In order to trigger the vulnerability, an attacker must convince someone to load a specially crafted zip file with TugZip by double click or file open. By doing so, an attacker can execute arbitrary code as the victim user.
0ac057d8b5dce6496b4b683ba3aea744AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during a FTP LIST command resulting in overwriting the exception handler. Social engineering of executing a specially crafted ftp file by double click will result in connecting to our malicious server and perform arbitrary code execution which allows the attacker to gain the same rights as the user running ScriptFTP.
e540826b848295b079627e0d679021e3eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of egghunter. Also, DEP bypass is unlikely due to the limited space for payload.
5fb53a4cce0229cfcf830c27f79a4fbeThis Metasploit module allows remote attackers to execute arbitrary commands on the affected system by abusing a directory traversal attack when using the 'xf' command (execute function). An attacker can execute system() from msvcrt.dll to upload a backdoor and gain remote code execution.
3508195d3c887c43db110cb0998ef314A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs taking advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.
426ac2c03c6c7e51d370d76153569d7eIf-CMS version 2.07 pre-authentication local file inclusion exploit that leverages the newlang parameter.
7a33f7e16da3d52c32353655d347203cVLC Media Player suffers from an XSPF local file integer overflow in the XSPF playlist parser. Versions 1.1.9 down to 0.8.5 are affected.
3cfc2105895e00e1fcc0e75ba428e3fcThis Metasploit module exploits a vulnerability found in VisiWave's Site Survey Report application. When processing .VWR files, VisiWave.exe attempts to match a valid pointer based on the 'Type' property (valid ones include 'Properties', 'TitlePage', 'Details', 'Graph', 'Table', 'Text', 'Image'), but if a match isn't found, the function that's supposed to handle this routine ends up returning the input as a pointer, and later used in a CALL DWORD PTR [EDX+10] instruction. This allows attackers to overwrite it with any arbitrary value, and results code execution. This Metasploit module was built to bypass ASLR and DEP. NOTE: During installation, the application will register two file handle's, VWS and VWR and allows a victim user to 'double click' the malicious VWR file and execute code.
71310cd3b031f3ad565ea7b5e2e84948iCMS version 1.1 administrative SQL injection / bruteforcing exploit.
fe6fa416a6a65b37ee9e365c43bc91d2If-CMS version 2.07 pre-authentication local file inclusion exploit.
4e0be78b6869f9e2027d0f0d3657c44eN'CMS version 1.1e pre-authentication local file inclusion remote code execution exploit.
fe27d964f1b7aefcd1bc3b4534e42a5bVtiger CRM version 5.0.4 pre-authentication local file inclusion exploit.
75bef0c87ff264fd394c3c43ce6fed33FieldNotes 32 version 5.0 SEH overwrite local exploit that produces a malicious .dxf file.
9eece798aba4c3be37cfe04b4c306b8dWinamp 5.572 local buffer overflow EIP and SEH DEP bypass exploit.
fca65648a9724d3672fd049df98369ddZipExplorer version 7.0 denial of service exploit that creates a malicious .rar file.
d54fab469002e0d6fcc0698dce339e04
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed